Firm being blackmailed by hackers for $6m obtains Irish court injunction

Irish-registered company is allegedly linked to a website publishing confidential data

The court heard  the ‘criminal act’ against Southwire is being investigated by the US Federal Bureau of Investigation. Photograph: Getty

The court heard the ‘criminal act’ against Southwire is being investigated by the US Federal Bureau of Investigation. Photograph: Getty

 

An American company that claims it is being blackmailed by hackers seeking $6 million (€5.35 million) on Tuesday secured an emergency High Court injunction aimed at removing confidential information posted about it on the internet.

Southwire Company LLC secured a temporary order against what are believed to be two Polish nationals and an Irish-registered company that are all allegedly linked to a website publishing confidential information about the US firm.

The company does not say the individuals or the corporate entity named in its proceedings are behind or involved with the cyber-attack.

At the High Court, Jim O’Callaghan SC, appearing with Anthony Thuillier Bl, said his client is based in the US State of Georgia, manufactures cable and wiring and employes thousands of people.

Counsel said that on December 9th Southwire was the subject of a cyberattack, resulting in many of its computer files being encrypted.

The hackers, who counsel said whose identities are currently unknown, demanded a payment in the online Bitcoin currency equivalent to just over $6 million to decrypt the files.

No ransom payment was made, and the company sought expert advice on how to deal with the situation.

The “criminal act” against Southwire is being investigated by the US Federal Bureau of Investigation, counsel said.

Counsel said the attackers became impatient with the refusal to pay the ransom.

Counsel said that in recent days the attackers posted confidential information contained in the company’s files on a website called mazenews.top.

Counsel said the attackers have also threatened to publish more confidential information taken from Southwire’s files.

Counsel said the company was extremely concerned about this and was seeking orders from the Irish High Court after its investigations revealed that the nine-digit IP address of that website is registered to a company called World Hosting Farm Limited (WHFL).

An Internet Protocol or IP address is a number assigned to each device connected to a computer network that uses the Internet for communication.

A Mr Janusz Dybko, with an address c/o New Mallow Road, Cork is listed as being the contact person in regards to that particular IP address, which is owned by WHFL, counsel said.

WHFL, which counsel said is currently listed as having being dissolved, has a registered addresses at New Mallow Road, Cork, and more recently at Dawson Street in Dublin.

The owner and director of the company is listed as a Mr Artur Grabowski of St. Budzynskiego, Stupsk, Poland, counsel said.

The company’s secretary is listed as a firm called Admiral Tax Limited, with a current registered address at Fairview, Clontarf in Dublin.

Counsel said its previous address was listed as the same address as WHFL’s Cork address.

The company wrote to Mr Grabowski, Mr Janusz Dybko and Admiral Tax asking them to cease and desist from hosting anything displaying the confidential information taken by the hackers.

No reply to those demands were received. As a result, the company sought injunctions against those three parties as well as persons unknown involved in the cyber attacks.

The injunction requires the defendants to remove all data relating to Southwire and its customers from the website mazenews.top.

The order also compels the defendants to hand up all data taken from Southwire, and that no further material is taken from the US firm be published on the internet or anywhere else.

The temporary injunction was granted, on an ex-parte basis, by Ms Justice Mary Rose Gearty.

The judge said she was not prepared to grant the company a temporary order preventing the media from publishing the company’s name in its reporting of the case.

The company had argued that the identification of the company at this stage would aid the blackmailers.

However, the judge said that the court did not have the jurisdiction to make such an order, given that justice must be administered in public.

This was not a case, the judge said, where an exception could be made that would allow the court to make that particular order.

The judge, in adjourning the case, made the matter returnable to a date in mid-January.